Relatively modern architectures such as arm64 or RISC-V don't implement
a self-decompressing kernel, and leave it up to the bootloader to
decompress the compressed image before executing it. For bare metal
boot, this policy makes sense, as a self-decompressing image essentially
duplicates a lot of fiddly preparation work to create a 1:1 mapping and
set up the C runtime, and to discover or infer where DRAM lives from
device trees or other firmware tables.
For EFI boot, the situation is a bit different: the EFI entrypoint is
called with a 1:1 cached mapping covering all of DRAM already active,
and with a stack, a heap, a memory map and boot services to load and
start images. This means it is rather trivial to implement a
self-decompressing wrapper for EFI boot in a generic manner, and reuse
it across architectures that implement EFI boot.
The only slight downside is that when UEFI secure boot is enabled, the
generic LoadImage/StartImage only allow signed images to be loaded and
started, and we would prefer to avoid the need to sign both the inner
and outer PE/COFF images.
However, the only truly generic and portable way to achieve this is to
rely on LoadImage/StartImage as the EFI spec defines them, and avoid
making assumptions about how things might work under the hood, and how
we might circumvent that. This includes just loading the image into
memory and jumping to the PE entry point: in the context of secure boot,
measured boot and other hardening measures the firmware may take (such
as disallowing mappings that are both writable and executable), using
the firmware's image loading API is the only maintainable choice.
For this reason, this version of the series includes support for signing
the images using sbsign, if the signing key and cert are specified in
Kconfig.
The code is wired up for arm64, LoongArch and RISC-V. The latter was
build tested only.
Changes since v4:
- make CONFIG_EFI_ZBOOT user selectable again, and turn it on by default
only for LoongArch
- set KBUILD_IMAGE to vmlinuz.efi if CONFIG_EFI_ZBOOT=y, so that make
targets such as zinstall and bindeb-pkg do the right thing
- throw an error is BSS was not cleared by the loader - this is needed
to detect broken distro implementations of LoadImage in shim and grub
- add vmlinuz.* to .gitignore on the various architectures
- switch back to defining uncompressed_size as 'extern __aligned(1)' so
that the compiler will perform the unaligned access as appropriate on
the architecture in question - this requires the latest binutils on
LoongArch [0]
Changes since v3:
- add support for XZ and ZSTD compression
- deal with exit data returned by StartImage()
- use LoadFile2 based image loading instead of passing the raw buffer -
this way, the provenance of the data is more visible, allowing us,
for instance, to deal with initrd= on arm64 transparently (this means
that systemd-boot on arm64 will work unmodified provided that the
[deprecated] command line initrd loader is enabled in the kernel
build)
- include LoongArch support
- rename compressed image to vmlinuz.efi on all architectures
Changes since v2:
- drop some of the refactoring work to make efi_printk() available in
the decompressor, and just use fixed strings instead;
- provide memcpy/memmove/memset based on the UEFI boot services, instead
of having to specify for each architecture how to wire these up;
- drop PI/DXE based signature check circumvention, and just sign the
inner image instead, if needed;
- add a header to the zimage binary that identifies it as a EFI zboot
image, and describes the compression algorithm and where the payload
lives in the image - this might be used by non-EFI loaders to locate
and decompress the bare metal image, given that the EFI zboot one is
not a hybrid like the one it encapsulates.
[0] https://sourceware.org/pipermail/binutils/2022-September/122713.html
Cc: "James E.J. Bottomley" <[email protected]>
Cc: Matthew Garrett <[email protected]>
Cc: Peter Jones <[email protected]>
Cc: Ilias Apalodimas <[email protected]>
Cc: Heinrich Schuchardt <[email protected]>
Cc: AKASHI Takahiro <[email protected]>
Cc: Palmer Dabbelt <[email protected]>
Cc: Atish Patra <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Huacai Chen <[email protected]>
Cc: Xi Ruoyao <[email protected]>
Cc: Lennart Poettering <[email protected]>
Cc: Jeremy Linton <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Catalin Marinas <[email protected]>
Ard Biesheuvel (8):
efi: name the ARCH-stub.c files uniformly
efi/libstub: add some missing EFI prototypes
efi/libstub: use EFI provided memcpy/memset routines
efi/libstub: move efi_system_table global var into separate object
efi/libstub: implement generic EFI zboot
arm64: efi: enable generic EFI compressed boot
riscv: efi: enable generic EFI compressed boot
loongarch: efi: enable generic EFI compressed boot
arch/arm64/Makefile | 9 +-
arch/arm64/boot/.gitignore | 1 +
arch/arm64/boot/Makefile | 6 +
arch/arm64/kernel/image-vars.h | 13 -
arch/loongarch/Kconfig | 1 +
arch/loongarch/Makefile | 4 +-
arch/loongarch/boot/.gitignore | 1 +
arch/loongarch/boot/Makefile | 6 +
arch/loongarch/kernel/image-vars.h | 3 -
arch/riscv/Makefile | 6 +-
arch/riscv/boot/.gitignore | 1 +
arch/riscv/boot/Makefile | 6 +
arch/riscv/kernel/image-vars.h | 9 -
drivers/firmware/efi/Kconfig | 38 +++
drivers/firmware/efi/libstub/Makefile | 21 +-
drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
drivers/firmware/efi/libstub/efi-stub.c | 2 -
drivers/firmware/efi/libstub/efistub.h | 35 ++-
drivers/firmware/efi/libstub/file.c | 17 ++
drivers/firmware/efi/libstub/intrinsics.c | 30 ++
drivers/firmware/efi/libstub/systable.c | 8 +
drivers/firmware/efi/libstub/zboot-header.S | 143 ++++++++++
drivers/firmware/efi/libstub/zboot.c | 296 ++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 43 +++
include/linux/efi.h | 13 +
26 files changed, 732 insertions(+), 50 deletions(-)
create mode 100644 drivers/firmware/efi/libstub/Makefile.zboot
rename drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} (100%)
create mode 100644 drivers/firmware/efi/libstub/intrinsics.c
create mode 100644 drivers/firmware/efi/libstub/systable.c
create mode 100644 drivers/firmware/efi/libstub/zboot-header.S
create mode 100644 drivers/firmware/efi/libstub/zboot.c
create mode 100644 drivers/firmware/efi/libstub/zboot.lds
--
2.35.1
Rename arm32-stub.c to arm-stub.c so that we can refer to all of them as
$(ARCH)-stub.c
Signed-off-by: Ard Biesheuvel <[email protected]>
---
drivers/firmware/efi/libstub/Makefile | 9 ++-------
drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index ec2a7ba9364f..39478fb30b2a 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -68,13 +68,8 @@ $(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o \
$(patsubst %.c,lib-%.o,$(efi-deps-y))
-lib-$(CONFIG_ARM) += arm32-stub.o
-lib-$(CONFIG_ARM64) += arm64-stub.o
-lib-$(CONFIG_X86) += x86-stub.o
-lib-$(CONFIG_RISCV) += riscv-stub.o
-lib-$(CONFIG_LOONGARCH) += loongarch-stub.o
-
-CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
+lib-y += $(ARCH)-stub.o
+CFLAGS_arm-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
# Even when -mbranch-protection=none is set, Clang will generate a
# .note.gnu.property for code-less object files (like lib/ctype.c),
diff --git a/drivers/firmware/efi/libstub/arm32-stub.c b/drivers/firmware/efi/libstub/arm-stub.c
similarity index 100%
rename from drivers/firmware/efi/libstub/arm32-stub.c
rename to drivers/firmware/efi/libstub/arm-stub.c
--
2.35.1
Wire up the generic EFI zboot support for RISC-V.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
arch/riscv/Makefile | 6 +++++-
arch/riscv/boot/.gitignore | 1 +
arch/riscv/boot/Makefile | 6 ++++++
3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
index 3fa8ef336822..d63295e21373 100644
--- a/arch/riscv/Makefile
+++ b/arch/riscv/Makefile
@@ -136,10 +136,14 @@ ifneq ($(CONFIG_XIP_KERNEL),y)
ifeq ($(CONFIG_RISCV_M_MODE)$(CONFIG_SOC_CANAAN),yy)
KBUILD_IMAGE := $(boot)/loader.bin
else
+ifeq ($(CONFIG_EFI_ZBOOT),)
KBUILD_IMAGE := $(boot)/Image.gz
+else
+KBUILD_IMAGE := $(boot)/vmlinuz.efi
+endif
endif
endif
-BOOT_TARGETS := Image Image.gz loader loader.bin xipImage
+BOOT_TARGETS := Image Image.gz loader loader.bin xipImage vmlinuz.efi
all: $(notdir $(KBUILD_IMAGE))
diff --git a/arch/riscv/boot/.gitignore b/arch/riscv/boot/.gitignore
index 0cea9f7fa9d5..e1bc507e8cb2 100644
--- a/arch/riscv/boot/.gitignore
+++ b/arch/riscv/boot/.gitignore
@@ -4,4 +4,5 @@ Image.*
loader
loader.lds
loader.bin
+vmlinuz*
xipImage
diff --git a/arch/riscv/boot/Makefile b/arch/riscv/boot/Makefile
index becd0621071c..d1a49adcb1d7 100644
--- a/arch/riscv/boot/Makefile
+++ b/arch/riscv/boot/Makefile
@@ -58,3 +58,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
$(obj)/loader.bin: $(obj)/loader FORCE
$(call if_changed,objcopy)
+
+EFI_ZBOOT_PAYLOAD := Image
+EFI_ZBOOT_BFD_TARGET := elf$(BITS)-littleriscv
+EFI_ZBOOT_MACH_TYPE := RISCV$(BITS)
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
Implement a minimal EFI app that decompresses the real kernel image and
launches it using the firmware's LoadImage and StartImage boot services.
This removes the need for any arch-specific hacks.
Note that on systems that have UEFI secure boot policies enabled,
LoadImage/StartImage require images to be signed, or their hashes known
a priori, in order to be permitted to boot.
There are various possible strategies to work around this requirement,
but they all rely either on overriding internal PI/DXE protocols (which
are not part of the EFI spec) or omitting the firmware provided
LoadImage() and StartImage() boot services, which is also undesirable,
given that they encapsulate platform specific policies related to secure
boot and measured boot, but also related to memory permissions (whether
or not and which types of heap allocations have both write and execute
permissions.)
The only generic and truly portable way around this is to simply sign
both the inner and the outer image with the same key/cert pair, so this
is what is implemented here.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
drivers/firmware/efi/Kconfig | 38 +++
drivers/firmware/efi/libstub/Makefile | 9 +-
drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
drivers/firmware/efi/libstub/file.c | 17 ++
drivers/firmware/efi/libstub/zboot-header.S | 143 ++++++++++
drivers/firmware/efi/libstub/zboot.c | 296 ++++++++++++++++++++
drivers/firmware/efi/libstub/zboot.lds | 43 +++
include/linux/efi.h | 1 +
8 files changed, 614 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/Kconfig b/drivers/firmware/efi/Kconfig
index cbf1c55dc224..c155cd752261 100644
--- a/drivers/firmware/efi/Kconfig
+++ b/drivers/firmware/efi/Kconfig
@@ -105,6 +105,44 @@ config EFI_RUNTIME_WRAPPERS
config EFI_GENERIC_STUB
bool
+config EFI_ZBOOT
+ bool "Enable the generic EFI decompressor"
+ depends on EFI_GENERIC_STUB && !ARM
+ select HAVE_KERNEL_GZIP
+ select HAVE_KERNEL_LZ4
+ select HAVE_KERNEL_LZMA
+ select HAVE_KERNEL_LZO
+ select HAVE_KERNEL_XZ
+ select HAVE_KERNEL_ZSTD
+ help
+ Create the bootable image as an EFI application that carries the
+ actual kernel image in compressed form, and decompresses it into
+ memory before executing it via LoadImage/StartImage EFI boot service
+ calls. For compatibility with non-EFI loaders, the payload can be
+ decompressed and executed by the loader as well, provided that the
+ loader implements the decompression algorithm and that non-EFI boot
+ is supported by the encapsulated image. (The compression algorithm
+ used is described in the zboot image header)
+
+config EFI_ZBOOT_SIGNED
+ bool "Sign the EFI decompressor for UEFI secure boot"
+ depends on EFI_ZBOOT
+ help
+ Use the 'sbsign' command line tool (which must exist on the host
+ path) to sign both the EFI decompressor PE/COFF image, as well as the
+ encapsulated PE/COFF image, which is subsequently compressed and
+ wrapped by the former image.
+
+config EFI_ZBOOT_SIGNING_CERT
+ string "Certificate to use for signing the compressed EFI boot image"
+ depends on EFI_ZBOOT_SIGNED
+ default ""
+
+config EFI_ZBOOT_SIGNING_KEY
+ string "Private key to use for signing the compressed EFI boot image"
+ depends on EFI_ZBOOT_SIGNED
+ default ""
+
config EFI_ARMSTUB_DTB_LOADER
bool "Enable the DTB loader"
depends on EFI_GENERIC_STUB && !RISCV && !LOONGARCH
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 8d98efcf4473..8c1225b92492 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -72,6 +72,12 @@ lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o intrinsics.o \
lib-y += $(ARCH)-stub.o
CFLAGS_arm-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET)
+zboot-obj-$(CONFIG_RISCV) := lib-clz_ctz.o lib-ashldi3.o
+lib-$(CONFIG_EFI_ZBOOT) += zboot.o $(zboot-obj-y)
+
+extra-y := $(lib-y)
+lib-y := $(patsubst %.o,%.stub.o,$(lib-y))
+
# Even when -mbranch-protection=none is set, Clang will generate a
# .note.gnu.property for code-less object files (like lib/ctype.c),
# so work around this by explicitly removing the unwanted section.
@@ -111,9 +117,6 @@ STUBCOPY_RELOC-$(CONFIG_ARM) := R_ARM_ABS
# a verification pass to see if any absolute relocations exist in any of the
# object files.
#
-extra-y := $(lib-y)
-lib-y := $(patsubst %.o,%.stub.o,$(lib-y))
-
STUBCOPY_FLAGS-$(CONFIG_ARM64) += --prefix-alloc-sections=.init \
--prefix-symbols=__efistub_
STUBCOPY_RELOC-$(CONFIG_ARM64) := R_AARCH64_ABS
diff --git a/drivers/firmware/efi/libstub/Makefile.zboot b/drivers/firmware/efi/libstub/Makefile.zboot
new file mode 100644
index 000000000000..35f234ad8738
--- /dev/null
+++ b/drivers/firmware/efi/libstub/Makefile.zboot
@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: GPL-2.0
+
+# to be include'd by arch/$(ARCH)/boot/Makefile after setting
+# EFI_ZBOOT_PAYLOAD, EFI_ZBOOT_BFD_TARGET and EFI_ZBOOT_MACH_TYPE
+
+comp-type-$(CONFIG_KERNEL_GZIP) := gzip
+comp-type-$(CONFIG_KERNEL_LZ4) := lz4
+comp-type-$(CONFIG_KERNEL_LZMA) := lzma
+comp-type-$(CONFIG_KERNEL_LZO) := lzo
+comp-type-$(CONFIG_KERNEL_XZ) := xzkern
+comp-type-$(CONFIG_KERNEL_ZSTD) := zstd22
+
+# in GZIP, the appended le32 carrying the uncompressed size is part of the
+# format, but in other cases, we just append it at the end for convenience,
+# causing the original tools to complain when checking image integrity.
+# So disregard it when calculating the payload size in the zimage header.
+zboot-method-y := $(comp-type-y)_with_size
+zboot-size-len-y := 4
+
+zboot-method-$(CONFIG_KERNEL_GZIP) := gzip
+zboot-size-len-$(CONFIG_KERNEL_GZIP) := 0
+
+quiet_cmd_sbsign = SBSIGN $@
+ cmd_sbsign = sbsign --out $@ $< \
+ --key $(CONFIG_EFI_ZBOOT_SIGNING_KEY) \
+ --cert $(CONFIG_EFI_ZBOOT_SIGNING_CERT)
+
+$(obj)/$(EFI_ZBOOT_PAYLOAD).signed: $(obj)/$(EFI_ZBOOT_PAYLOAD) FORCE
+ $(call if_changed,sbsign)
+
+ZBOOT_PAYLOAD-y := $(EFI_ZBOOT_PAYLOAD)
+ZBOOT_PAYLOAD-$(CONFIG_EFI_ZBOOT_SIGNED) := $(EFI_ZBOOT_PAYLOAD).signed
+
+$(obj)/vmlinuz: $(obj)/$(ZBOOT_PAYLOAD-y) FORCE
+ $(call if_changed,$(zboot-method-y))
+
+OBJCOPYFLAGS_vmlinuz.o := -I binary -O $(EFI_ZBOOT_BFD_TARGET) \
+ --rename-section .data=.gzdata,load,alloc,readonly,contents
+$(obj)/vmlinuz.o: $(obj)/vmlinuz FORCE
+ $(call if_changed,objcopy)
+
+AFLAGS_zboot-header.o += -DMACHINE_TYPE=IMAGE_FILE_MACHINE_$(EFI_ZBOOT_MACH_TYPE) \
+ -DZBOOT_EFI_PATH="\"$(realpath $(obj)/vmlinuz.efi.elf)\"" \
+ -DZBOOT_SIZE_LEN=$(zboot-size-len-y) \
+ -DCOMP_TYPE="\"$(comp-type-y)\""
+
+$(obj)/zboot-header.o: $(srctree)/drivers/firmware/efi/libstub/zboot-header.S FORCE
+ $(call if_changed_rule,as_o_S)
+
+ZBOOT_DEPS := $(obj)/zboot-header.o $(objtree)/drivers/firmware/efi/libstub/lib.a
+
+LDFLAGS_vmlinuz.efi.elf := -T $(srctree)/drivers/firmware/efi/libstub/zboot.lds
+$(obj)/vmlinuz.efi.elf: $(obj)/vmlinuz.o $(ZBOOT_DEPS) FORCE
+ $(call if_changed,ld)
+
+ZBOOT_EFI-y := vmlinuz.efi
+ZBOOT_EFI-$(CONFIG_EFI_ZBOOT_SIGNED) := vmlinuz.efi.unsigned
+
+OBJCOPYFLAGS_$(ZBOOT_EFI-y) := -O binary
+$(obj)/$(ZBOOT_EFI-y): $(obj)/vmlinuz.efi.elf FORCE
+ $(call if_changed,objcopy)
+
+targets += zboot-header.o vmlinuz vmlinuz.o vmlinuz.efi.elf vmlinuz.efi
+
+ifneq ($(CONFIG_EFI_ZBOOT_SIGNED),)
+$(obj)/vmlinuz.efi: $(obj)/vmlinuz.efi.unsigned FORCE
+ $(call if_changed,sbsign)
+endif
+
+targets += $(EFI_ZBOOT_PAYLOAD).signed vmlinuz.efi.unsigned
diff --git a/drivers/firmware/efi/libstub/file.c b/drivers/firmware/efi/libstub/file.c
index dd95f330fe6e..42b3338273aa 100644
--- a/drivers/firmware/efi/libstub/file.c
+++ b/drivers/firmware/efi/libstub/file.c
@@ -66,10 +66,27 @@ static efi_status_t efi_open_file(efi_file_protocol_t *volume,
static efi_status_t efi_open_volume(efi_loaded_image_t *image,
efi_file_protocol_t **fh)
{
+ struct efi_vendor_dev_path *dp = image->file_path;
+ efi_guid_t li_proto = LOADED_IMAGE_PROTOCOL_GUID;
efi_guid_t fs_proto = EFI_FILE_SYSTEM_GUID;
efi_simple_file_system_protocol_t *io;
efi_status_t status;
+ // If we are using EFI zboot, we should look for the file system
+ // protocol on the parent image's handle instead
+ if (IS_ENABLED(CONFIG_EFI_ZBOOT) &&
+ image->parent_handle != NULL &&
+ dp->header.type == EFI_DEV_MEDIA &&
+ dp->header.sub_type == EFI_DEV_MEDIA_VENDOR &&
+ !efi_guidcmp(dp->vendorguid, LINUX_EFI_ZBOOT_MEDIA_GUID)) {
+ status = efi_bs_call(handle_protocol, image->parent_handle,
+ &li_proto, (void *)&image);
+ if (status != EFI_SUCCESS) {
+ efi_err("Failed to locate parent image handle\n");
+ return status;
+ }
+ }
+
status = efi_bs_call(handle_protocol, image->device_handle, &fs_proto,
(void **)&io);
if (status != EFI_SUCCESS) {
diff --git a/drivers/firmware/efi/libstub/zboot-header.S b/drivers/firmware/efi/libstub/zboot-header.S
new file mode 100644
index 000000000000..9e6fe061ab07
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot-header.S
@@ -0,0 +1,143 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+#include <linux/pe.h>
+
+#ifdef CONFIG_64BIT
+ .set .Lextra_characteristics, 0x0
+ .set .Lpe_opt_magic, PE_OPT_MAGIC_PE32PLUS
+#else
+ .set .Lextra_characteristics, IMAGE_FILE_32BIT_MACHINE
+ .set .Lpe_opt_magic, PE_OPT_MAGIC_PE32
+#endif
+
+ .section ".head", "a"
+ .globl __efistub_efi_zboot_header
+__efistub_efi_zboot_header:
+.Ldoshdr:
+ .long MZ_MAGIC
+ .ascii "zimg" // image type
+ .long __efistub__gzdata_start - .Ldoshdr // payload offset
+ .long __efistub__gzdata_size - ZBOOT_SIZE_LEN // payload size
+ .long 0, 0 // reserved
+ .asciz COMP_TYPE // compression type
+ .org .Ldoshdr + 0x3c
+ .long .Lpehdr - .Ldoshdr // PE header offset
+
+.Lpehdr:
+ .long PE_MAGIC
+ .short MACHINE_TYPE
+ .short .Lsection_count
+ .long 0
+ .long 0
+ .long 0
+ .short .Lsection_table - .Loptional_header
+ .short IMAGE_FILE_DEBUG_STRIPPED | \
+ IMAGE_FILE_EXECUTABLE_IMAGE | \
+ IMAGE_FILE_LINE_NUMS_STRIPPED |\
+ .Lextra_characteristics
+
+.Loptional_header:
+ .short .Lpe_opt_magic
+ .byte 0, 0
+ .long _etext - .Lefi_header_end
+ .long __data_size
+ .long 0
+ .long __efistub_efi_zboot_entry - .Ldoshdr
+ .long .Lefi_header_end - .Ldoshdr
+
+#ifdef CONFIG_64BIT
+ .quad 0
+#else
+ .long _etext - .Ldoshdr, 0x0
+#endif
+ .long 4096
+ .long 512
+ .short 0, 0
+ .short LINUX_EFISTUB_MAJOR_VERSION // MajorImageVersion
+ .short LINUX_EFISTUB_MINOR_VERSION // MinorImageVersion
+ .short 0, 0
+ .long 0
+ .long _end - .Ldoshdr
+
+ .long .Lefi_header_end - .Ldoshdr
+ .long 0
+ .short IMAGE_SUBSYSTEM_EFI_APPLICATION
+ .short 0
+#ifdef CONFIG_64BIT
+ .quad 0, 0, 0, 0
+#else
+ .long 0, 0, 0, 0
+#endif
+ .long 0
+ .long (.Lsection_table - .) / 8
+
+ .quad 0 // ExportTable
+ .quad 0 // ImportTable
+ .quad 0 // ResourceTable
+ .quad 0 // ExceptionTable
+ .quad 0 // CertificationTable
+ .quad 0 // BaseRelocationTable
+#ifdef CONFIG_DEBUG_EFI
+ .long .Lefi_debug_table - .Ldoshdr // DebugTable
+ .long .Lefi_debug_table_size
+#endif
+
+.Lsection_table:
+ .ascii ".text\0\0\0"
+ .long _etext - .Lefi_header_end
+ .long .Lefi_header_end - .Ldoshdr
+ .long _etext - .Lefi_header_end
+ .long .Lefi_header_end - .Ldoshdr
+
+ .long 0, 0
+ .short 0, 0
+ .long IMAGE_SCN_CNT_CODE | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_EXECUTE
+
+ .ascii ".data\0\0\0"
+ .long __data_size
+ .long _etext - .Ldoshdr
+ .long __data_rawsize
+ .long _etext - .Ldoshdr
+
+ .long 0, 0
+ .short 0, 0
+ .long IMAGE_SCN_CNT_INITIALIZED_DATA | \
+ IMAGE_SCN_MEM_READ | \
+ IMAGE_SCN_MEM_WRITE
+
+ .set .Lsection_count, (. - .Lsection_table) / 40
+
+#ifdef CONFIG_DEBUG_EFI
+ .section ".rodata", "a"
+ .align 2
+.Lefi_debug_table:
+ // EFI_IMAGE_DEBUG_DIRECTORY_ENTRY
+ .long 0 // Characteristics
+ .long 0 // TimeDateStamp
+ .short 0 // MajorVersion
+ .short 0 // MinorVersion
+ .long IMAGE_DEBUG_TYPE_CODEVIEW // Type
+ .long .Lefi_debug_entry_size // SizeOfData
+ .long 0 // RVA
+ .long .Lefi_debug_entry - .Ldoshdr // FileOffset
+
+ .set .Lefi_debug_table_size, . - .Lefi_debug_table
+ .previous
+
+.Lefi_debug_entry:
+ // EFI_IMAGE_DEBUG_CODEVIEW_NB10_ENTRY
+ .ascii "NB10" // Signature
+ .long 0 // Unknown
+ .long 0 // Unknown2
+ .long 0 // Unknown3
+
+ .asciz ZBOOT_EFI_PATH
+
+ .set .Lefi_debug_entry_size, . - .Lefi_debug_entry
+#endif
+
+ .p2align 12
+.Lefi_header_end:
+
diff --git a/drivers/firmware/efi/libstub/zboot.c b/drivers/firmware/efi/libstub/zboot.c
new file mode 100644
index 000000000000..33ba66adc373
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot.c
@@ -0,0 +1,296 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <linux/pe.h>
+#include <asm/efi.h>
+
+#include "efistub.h"
+
+static unsigned char zboot_heap[SZ_256K] __aligned(64);
+static unsigned long free_mem_ptr, free_mem_end_ptr;
+
+#define STATIC static
+#if defined(CONFIG_KERNEL_GZIP)
+#include "../../../../lib/decompress_inflate.c"
+#elif defined(CONFIG_KERNEL_LZ4)
+#include "../../../../lib/decompress_unlz4.c"
+#elif defined(CONFIG_KERNEL_LZMA)
+#include "../../../../lib/decompress_unlzma.c"
+#elif defined(CONFIG_KERNEL_LZO)
+#include "../../../../lib/decompress_unlzo.c"
+#elif defined(CONFIG_KERNEL_XZ)
+#undef memcpy
+#define memcpy memcpy
+#undef memmove
+#define memmove memmove
+#include "../../../../lib/decompress_unxz.c"
+#elif defined(CONFIG_KERNEL_ZSTD)
+#include "../../../../lib/decompress_unzstd.c"
+#endif
+
+extern char efi_zboot_header[];
+extern char _gzdata_start[], _gzdata_end[];
+
+// The uncompressed size of the payload is appended to the raw bit
+// stream, and may therefore appear misaligned in memory
+extern u32 uncompressed_size __aligned(1);
+
+static void log(efi_char16_t str[])
+{
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, L"EFI decompressor: ");
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, str);
+ efi_call_proto(efi_table_attr(efi_system_table, con_out),
+ output_string, L"\n");
+}
+
+static void error(char *x)
+{
+ log(L"error() called from decompressor library\n");
+}
+
+// Local version to avoid pulling in memcmp()
+static bool guids_eq(const efi_guid_t *a, const efi_guid_t *b)
+{
+ const u32 *l = (u32 *)a;
+ const u32 *r = (u32 *)b;
+
+ return l[0] == r[0] && l[1] == r[1] && l[2] == r[2] && l[3] == r[3];
+}
+
+static efi_status_t __efiapi
+load_file(efi_load_file_protocol_t *this, efi_device_path_protocol_t *rem,
+ bool boot_policy, unsigned long *bufsize, void *buffer)
+{
+ unsigned long compressed_size = _gzdata_end - _gzdata_start;
+ struct efi_vendor_dev_path *vendor_dp;
+ bool decompress = false;
+ unsigned long size;
+ int ret;
+
+ if (rem == NULL || bufsize == NULL)
+ return EFI_INVALID_PARAMETER;
+
+ if (boot_policy)
+ return EFI_UNSUPPORTED;
+
+ // Look for our vendor media device node in the remaining file path
+ if (rem->type == EFI_DEV_MEDIA &&
+ rem->sub_type == EFI_DEV_MEDIA_VENDOR) {
+ vendor_dp = container_of(rem, struct efi_vendor_dev_path, header);
+ if (!guids_eq(&vendor_dp->vendorguid, &LINUX_EFI_ZBOOT_MEDIA_GUID))
+ return EFI_NOT_FOUND;
+
+ decompress = true;
+ rem = (void *)(vendor_dp + 1);
+ }
+
+ if (rem->type != EFI_DEV_END_PATH ||
+ rem->sub_type != EFI_DEV_END_ENTIRE)
+ return EFI_NOT_FOUND;
+
+ size = decompress ? uncompressed_size : compressed_size;
+ if (buffer == NULL || *bufsize < size) {
+ *bufsize = size;
+ return EFI_BUFFER_TOO_SMALL;
+ }
+
+ if (decompress) {
+ ret = __decompress(_gzdata_start, compressed_size, NULL, NULL,
+ buffer, 0, NULL, error);
+ if (ret < 0) {
+ log(L"Decompression failed");
+ return EFI_DEVICE_ERROR;
+ }
+ } else {
+ memcpy(buffer, _gzdata_start, compressed_size);
+ }
+
+ return EFI_SUCCESS;
+}
+
+// Return the length in bytes of the device path up to the first end node.
+static int device_path_length(const efi_device_path_protocol_t *dp)
+{
+ int len = 0;
+
+ while (dp->type != EFI_DEV_END_PATH) {
+ len += dp->length;
+ dp = (void *)((u8 *)dp + dp->length);
+ }
+ return len;
+}
+
+static void append_rel_offset_node(efi_device_path_protocol_t **dp,
+ unsigned long start, unsigned long end)
+{
+ struct efi_rel_offset_dev_path *rodp = (void *)*dp;
+
+ rodp->header.type = EFI_DEV_MEDIA;
+ rodp->header.sub_type = EFI_DEV_MEDIA_REL_OFFSET;
+ rodp->header.length = sizeof(struct efi_rel_offset_dev_path);
+ rodp->reserved = 0;
+ rodp->starting_offset = start;
+ rodp->ending_offset = end;
+
+ *dp = (void *)(rodp + 1);
+}
+
+static void append_ven_media_node(efi_device_path_protocol_t **dp,
+ efi_guid_t *guid)
+{
+ struct efi_vendor_dev_path *vmdp = (void *)*dp;
+
+ vmdp->header.type = EFI_DEV_MEDIA;
+ vmdp->header.sub_type = EFI_DEV_MEDIA_VENDOR;
+ vmdp->header.length = sizeof(struct efi_vendor_dev_path);
+ vmdp->vendorguid = *guid;
+
+ *dp = (void *)(vmdp + 1);
+}
+
+static void append_end_node(efi_device_path_protocol_t **dp)
+{
+ (*dp)->type = EFI_DEV_END_PATH;
+ (*dp)->sub_type = EFI_DEV_END_ENTIRE;
+ (*dp)->length = sizeof(struct efi_generic_dev_path);
+
+ ++*dp;
+}
+
+asmlinkage efi_status_t __efiapi
+efi_zboot_entry(efi_handle_t handle, efi_system_table_t *systab)
+{
+ efi_device_path_protocol_t *parent_dp, *dpp, *lf2_dp, *li_dp;
+ efi_load_file2_protocol_t zboot_load_file2;
+ efi_loaded_image_t *parent, *child;
+ unsigned long exit_data_size;
+ efi_handle_t child_handle;
+ efi_handle_t zboot_handle;
+ efi_char16_t *exit_data;
+ efi_status_t status;
+ void *dp_alloc;
+ int dp_len;
+
+ WRITE_ONCE(efi_system_table, systab);
+
+ // Sadly, this is necessary.
+ if (free_mem_ptr || free_mem_end_ptr) {
+ log(L"Broken loader detected -- BSS not zeroed as it should be");
+ return EFI_LOAD_ERROR;
+ }
+
+ free_mem_ptr = (unsigned long)&zboot_heap;
+ free_mem_end_ptr = free_mem_ptr + sizeof(zboot_heap);
+
+ exit_data = NULL;
+ exit_data_size = 0;
+
+ status = efi_bs_call(handle_protocol, handle,
+ &LOADED_IMAGE_PROTOCOL_GUID, (void **)&parent);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate parent's loaded image protocol");
+ return status;
+ }
+
+ status = efi_bs_call(handle_protocol, handle,
+ &LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID,
+ (void **)&parent_dp);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate parent's loaded image device path protocol");
+ return status;
+ }
+
+ // Allocate some pool memory for device path protocol data
+ dp_len = parent_dp ? device_path_length(parent_dp) : 0;
+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
+ 2 * (dp_len + sizeof(struct efi_rel_offset_dev_path) +
+ sizeof(struct efi_generic_dev_path)) +
+ sizeof(struct efi_vendor_dev_path),
+ (void **)&dp_alloc);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to allocate device path pool memory");
+ return status;
+ }
+
+ // Create a device path describing the compressed payload in this image
+ // <...parent_dp...>/Offset(<start>, <end>)
+ lf2_dp = memcpy(dp_alloc, parent_dp, dp_len);
+ dpp = (void *)((u8 *)lf2_dp + dp_len);
+ append_rel_offset_node(&dpp,
+ (unsigned long)(_gzdata_start - efi_zboot_header),
+ (unsigned long)(_gzdata_end - efi_zboot_header - 1));
+ append_end_node(&dpp);
+
+ // Create a device path describing the decompressed payload in this image
+ // <...parent_dp...>/Offset(<start>, <end>)/VenMedia(ZBOOT_MEDIA_GUID)
+ dp_len += sizeof(struct efi_rel_offset_dev_path);
+ li_dp = memcpy(dpp, lf2_dp, dp_len);
+ dpp = (void *)((u8 *)li_dp + dp_len);
+ append_ven_media_node(&dpp, &LINUX_EFI_ZBOOT_MEDIA_GUID);
+ append_end_node(&dpp);
+
+ zboot_handle = NULL;
+ zboot_load_file2.load_file = load_file;
+ status = efi_bs_call(install_multiple_protocol_interfaces,
+ &zboot_handle,
+ &EFI_DEVICE_PATH_PROTOCOL_GUID, lf2_dp,
+ &EFI_LOAD_FILE2_PROTOCOL_GUID, &zboot_load_file2,
+ NULL);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to install LoadFile2 protocol and device path");
+ goto free_dpalloc;
+ }
+
+ status = efi_bs_call(load_image, false, handle, li_dp, NULL, 0,
+ &child_handle);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to load image");
+ goto uninstall_lf2;
+ }
+
+ status = efi_bs_call(handle_protocol, child_handle,
+ &LOADED_IMAGE_PROTOCOL_GUID, (void **)&child);
+ if (status != EFI_SUCCESS) {
+ log(L"Failed to locate child's loaded image protocol");
+ goto unload_image;
+ }
+
+ // Copy the kernel command line
+ child->load_options = parent->load_options;
+ child->load_options_size = parent->load_options_size;
+
+ status = efi_bs_call(start_image, child_handle, &exit_data_size,
+ &exit_data);
+ if (status != EFI_SUCCESS) {
+ log(L"StartImage() returned with error");
+ if (exit_data_size > 0)
+ log(exit_data);
+
+ // If StartImage() returns EFI_SECURITY_VIOLATION, the image is
+ // not unloaded so we need to do it by hand.
+ if (status == EFI_SECURITY_VIOLATION)
+unload_image:
+ efi_bs_call(unload_image, child_handle);
+ }
+
+uninstall_lf2:
+ efi_bs_call(uninstall_multiple_protocol_interfaces,
+ zboot_handle,
+ &EFI_DEVICE_PATH_PROTOCOL_GUID, lf2_dp,
+ &EFI_LOAD_FILE2_PROTOCOL_GUID, &zboot_load_file2,
+ NULL);
+
+free_dpalloc:
+ efi_bs_call(free_pool, dp_alloc);
+
+ efi_bs_call(exit, handle, status, exit_data_size, exit_data);
+
+ // Free ExitData in case Exit() returned with a failure code,
+ // but return the original status code.
+ log(L"Exit() returned with failure code");
+ if (exit_data != NULL)
+ efi_bs_call(free_pool, exit_data);
+ return status;
+}
diff --git a/drivers/firmware/efi/libstub/zboot.lds b/drivers/firmware/efi/libstub/zboot.lds
new file mode 100644
index 000000000000..96f52adec3f2
--- /dev/null
+++ b/drivers/firmware/efi/libstub/zboot.lds
@@ -0,0 +1,43 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+
+ENTRY(__efistub_efi_zboot_header);
+
+SECTIONS
+{
+ .text : ALIGN(4096) {
+ *(.head)
+ *(.text* .init.text*)
+ }
+
+ .rodata : ALIGN(8) {
+ __efistub__gzdata_start = .;
+ *(.gzdata)
+ __efistub__gzdata_end = .;
+ *(.rodata* .init.rodata* .srodata*)
+ _etext = ALIGN(4096);
+ . = _etext;
+ }
+
+ .data : ALIGN(4096) {
+ *(.data* .init.data*)
+ _edata = ALIGN(512);
+ . = _edata;
+ }
+
+ .bss : {
+ *(.bss* .init.bss*)
+ _end = ALIGN(512);
+ . = _end;
+ }
+
+ /DISCARD/ : {
+ *(.modinfo .init.modinfo)
+ }
+}
+
+PROVIDE(__efistub__gzdata_size = ABSOLUTE(. - __efistub__gzdata_start));
+
+PROVIDE(__efistub_uncompressed_size = __efistub__gzdata_end - 4);
+
+PROVIDE(__data_rawsize = ABSOLUTE(_edata - _etext));
+PROVIDE(__data_size = ABSOLUTE(_end - _etext));
diff --git a/include/linux/efi.h b/include/linux/efi.h
index af90f7989f80..5efc3105f8e0 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -411,6 +411,7 @@ void efi_native_runtime_setup(void);
#define LINUX_EFI_TPM_FINAL_LOG_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25)
#define LINUX_EFI_MEMRESERVE_TABLE_GUID EFI_GUID(0x888eb0c6, 0x8ede, 0x4ff5, 0xa8, 0xf0, 0x9a, 0xee, 0x5c, 0xb9, 0x77, 0xc2)
#define LINUX_EFI_INITRD_MEDIA_GUID EFI_GUID(0x5568e427, 0x68fc, 0x4f3d, 0xac, 0x74, 0xca, 0x55, 0x52, 0x31, 0xcc, 0x68)
+#define LINUX_EFI_ZBOOT_MEDIA_GUID EFI_GUID(0xe565a30d, 0x47da, 0x4dbd, 0xb3, 0x54, 0x9b, 0xb5, 0xc8, 0x4f, 0x8b, 0xe2)
#define LINUX_EFI_MOK_VARIABLE_TABLE_GUID EFI_GUID(0xc451ed2b, 0x9694, 0x45d3, 0xba, 0xba, 0xed, 0x9f, 0x89, 0x88, 0xa3, 0x89)
#define LINUX_EFI_COCO_SECRET_AREA_GUID EFI_GUID(0xadf956ad, 0xe98c, 0x484c, 0xae, 0x11, 0xb5, 0x1c, 0x7d, 0x33, 0x64, 0x47)
--
2.35.1
Define the correct prototypes for the load_image, start_image and
unload_image boot service pointers so we can call them from the EFI
zboot code.
Also add some prototypes related to installation and deinstallation of
protocols in to the EFI protocol database, including some definitions
related to device paths.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
drivers/firmware/efi/libstub/efistub.h | 31 ++++++++++++++++----
include/linux/efi.h | 12 ++++++++
2 files changed, 38 insertions(+), 5 deletions(-)
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index b0ae0a454404..c7efc404e663 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -171,6 +171,23 @@ struct efi_boot_memmap {
typedef struct efi_generic_dev_path efi_device_path_protocol_t;
+union efi_device_path_to_text_protocol {
+ struct {
+ efi_char16_t *(__efiapi *convert_device_node_to_text)(
+ const efi_device_path_protocol_t *,
+ bool, bool);
+ efi_char16_t *(__efiapi *convert_device_path_to_text)(
+ const efi_device_path_protocol_t *,
+ bool, bool);
+ };
+ struct {
+ u32 convert_device_node_to_text;
+ u32 convert_device_path_to_text;
+ } mixed_mode;
+};
+
+typedef union efi_device_path_to_text_protocol efi_device_path_to_text_protocol_t;
+
typedef void *efi_event_t;
/* Note that notifications won't work in mixed mode */
typedef void (__efiapi *efi_event_notify_t)(efi_event_t, void *);
@@ -254,13 +271,17 @@ union efi_boot_services {
efi_handle_t *);
efi_status_t (__efiapi *install_configuration_table)(efi_guid_t *,
void *);
- void *load_image;
- void *start_image;
+ efi_status_t (__efiapi *load_image)(bool, efi_handle_t,
+ efi_device_path_protocol_t *,
+ void *, unsigned long,
+ efi_handle_t *);
+ efi_status_t (__efiapi *start_image)(efi_handle_t, unsigned long *,
+ efi_char16_t **);
efi_status_t __noreturn (__efiapi *exit)(efi_handle_t,
efi_status_t,
unsigned long,
efi_char16_t *);
- void *unload_image;
+ efi_status_t (__efiapi *unload_image)(efi_handle_t);
efi_status_t (__efiapi *exit_boot_services)(efi_handle_t,
unsigned long);
void *get_next_monotonic_count;
@@ -277,8 +298,8 @@ union efi_boot_services {
void *locate_handle_buffer;
efi_status_t (__efiapi *locate_protocol)(efi_guid_t *, void *,
void **);
- void *install_multiple_protocol_interfaces;
- void *uninstall_multiple_protocol_interfaces;
+ efi_status_t (__efiapi *install_multiple_protocol_interfaces)(efi_handle_t *, ...);
+ efi_status_t (__efiapi *uninstall_multiple_protocol_interfaces)(efi_handle_t, ...);
void *calculate_crc32;
void *copy_mem;
void *set_mem;
diff --git a/include/linux/efi.h b/include/linux/efi.h
index d2b84c2fec39..af90f7989f80 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -368,6 +368,9 @@ void efi_native_runtime_setup(void);
#define UV_SYSTEM_TABLE_GUID EFI_GUID(0x3b13a7d4, 0x633e, 0x11dd, 0x93, 0xec, 0xda, 0x25, 0x56, 0xd8, 0x95, 0x93)
#define LINUX_EFI_CRASH_GUID EFI_GUID(0xcfc8fc79, 0xbe2e, 0x4ddc, 0x97, 0xf0, 0x9f, 0x98, 0xbf, 0xe2, 0x98, 0xa0)
#define LOADED_IMAGE_PROTOCOL_GUID EFI_GUID(0x5b1b31a1, 0x9562, 0x11d2, 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+#define LOADED_IMAGE_DEVICE_PATH_PROTOCOL_GUID EFI_GUID(0xbc62157e, 0x3e33, 0x4fec, 0x99, 0x20, 0x2d, 0x3b, 0x36, 0xd7, 0x50, 0xdf)
+#define EFI_DEVICE_PATH_PROTOCOL_GUID EFI_GUID(0x09576e91, 0x6d3f, 0x11d2, 0x8e, 0x39, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
+#define EFI_DEVICE_PATH_TO_TEXT_PROTOCOL_GUID EFI_GUID(0x8b843e20, 0x8132, 0x4852, 0x90, 0xcc, 0x55, 0x1a, 0x4e, 0x4a, 0x7f, 0x1c)
#define EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID EFI_GUID(0x9042a9de, 0x23dc, 0x4a38, 0x96, 0xfb, 0x7a, 0xde, 0xd0, 0x80, 0x51, 0x6a)
#define EFI_UGA_PROTOCOL_GUID EFI_GUID(0x982c298b, 0xf4fa, 0x41cb, 0xb8, 0x38, 0x77, 0xaa, 0x68, 0x8f, 0xb8, 0x39)
#define EFI_PCI_IO_PROTOCOL_GUID EFI_GUID(0x4cf5b200, 0x68b8, 0x4ca5, 0x9e, 0xec, 0xb2, 0x3e, 0x3f, 0x50, 0x02, 0x9a)
@@ -952,6 +955,7 @@ extern int efi_status_to_err(efi_status_t status);
#define EFI_DEV_MEDIA_VENDOR 3
#define EFI_DEV_MEDIA_FILE 4
#define EFI_DEV_MEDIA_PROTOCOL 5
+#define EFI_DEV_MEDIA_REL_OFFSET 8
#define EFI_DEV_BIOS_BOOT 0x05
#define EFI_DEV_END_PATH 0x7F
#define EFI_DEV_END_PATH2 0xFF
@@ -982,12 +986,20 @@ struct efi_vendor_dev_path {
u8 vendordata[];
} __packed;
+struct efi_rel_offset_dev_path {
+ struct efi_generic_dev_path header;
+ u32 reserved;
+ u64 starting_offset;
+ u64 ending_offset;
+} __packed;
+
struct efi_dev_path {
union {
struct efi_generic_dev_path header;
struct efi_acpi_dev_path acpi;
struct efi_pci_dev_path pci;
struct efi_vendor_dev_path vendor;
+ struct efi_rel_offset_dev_path rel_offset;
};
} __packed;
--
2.35.1
To avoid pulling in the wrong object when using the libstub static
library to build the decompressor, define efi_system_table in a separate
compilation unit.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
drivers/firmware/efi/libstub/Makefile | 3 ++-
drivers/firmware/efi/libstub/efi-stub.c | 2 --
drivers/firmware/efi/libstub/systable.c | 8 ++++++++
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 98045cfa46dc..8d98efcf4473 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -57,7 +57,8 @@ KCOV_INSTRUMENT := n
lib-y := efi-stub-helper.o gop.o secureboot.o tpm.o \
file.o mem.o random.o randomalloc.o pci.o \
skip_spaces.o lib-cmdline.o lib-ctype.o \
- alignedmem.o relocate.o vsprintf.o
+ alignedmem.o relocate.o vsprintf.o \
+ systable.o
# include the stub's generic dependencies from lib/ when building for ARM/arm64
efi-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
diff --git a/drivers/firmware/efi/libstub/efi-stub.c b/drivers/firmware/efi/libstub/efi-stub.c
index 4bf751484e8b..57ea04378087 100644
--- a/drivers/firmware/efi/libstub/efi-stub.c
+++ b/drivers/firmware/efi/libstub/efi-stub.c
@@ -57,8 +57,6 @@
static u64 virtmap_base = EFI_RT_VIRTUAL_BASE;
static bool flat_va_mapping = (EFI_RT_VIRTUAL_OFFSET != 0);
-const efi_system_table_t *efi_system_table;
-
static struct screen_info *setup_graphics(void)
{
efi_guid_t gop_proto = EFI_GRAPHICS_OUTPUT_PROTOCOL_GUID;
diff --git a/drivers/firmware/efi/libstub/systable.c b/drivers/firmware/efi/libstub/systable.c
new file mode 100644
index 000000000000..91d016b02f8c
--- /dev/null
+++ b/drivers/firmware/efi/libstub/systable.c
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <asm/efi.h>
+
+#include "efistub.h"
+
+const efi_system_table_t *efi_system_table;
--
2.35.1
The stub is used in different execution environments, but on arm64,
RISC-V and LoongArch, we still use the core kernel's implementation of
memcpy and memset, as they are just a branch instruction away, and can
generally be reused even from code such as the EFI stub that runs in a
completely different address space.
KAsan complicates this slightly, resulting in the need for some hacks to
expose the uninstrumented, __ prefixed versions as the normal ones, as
the latter are instrumented to include the KAsan checks, which only work
in the core kernel.
Unfortunately, #define'ing memcpy to __memcpy when building C code does
not guarantee that no explicit memcpy() calls will be emitted. And with
the upcoming zboot support, which consists of a separate binary which
therefore needs its own implementation of memcpy/memset anyway, it's
better to provide one explicitly instead of linking to the existing one.
Given that EFI exposes implementations of memmove() and memset() via the
boot services table, let's wire those up in the appropriate way, and
drop the references to the core kernel ones.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
arch/arm64/kernel/image-vars.h | 13 ---------
arch/loongarch/kernel/image-vars.h | 3 --
arch/riscv/kernel/image-vars.h | 9 ------
drivers/firmware/efi/libstub/Makefile | 2 +-
drivers/firmware/efi/libstub/efistub.h | 4 +--
drivers/firmware/efi/libstub/intrinsics.c | 30 ++++++++++++++++++++
6 files changed, 33 insertions(+), 28 deletions(-)
diff --git a/arch/arm64/kernel/image-vars.h b/arch/arm64/kernel/image-vars.h
index afa69e04e75e..11643f4d864d 100644
--- a/arch/arm64/kernel/image-vars.h
+++ b/arch/arm64/kernel/image-vars.h
@@ -24,9 +24,6 @@ PROVIDE(__efistub_primary_entry_offset = primary_entry - _text);
*/
PROVIDE(__efistub_memcmp = __pi_memcmp);
PROVIDE(__efistub_memchr = __pi_memchr);
-PROVIDE(__efistub_memcpy = __pi_memcpy);
-PROVIDE(__efistub_memmove = __pi_memmove);
-PROVIDE(__efistub_memset = __pi_memset);
PROVIDE(__efistub_strlen = __pi_strlen);
PROVIDE(__efistub_strnlen = __pi_strnlen);
PROVIDE(__efistub_strcmp = __pi_strcmp);
@@ -40,16 +37,6 @@ PROVIDE(__efistub__edata = _edata);
PROVIDE(__efistub_screen_info = screen_info);
PROVIDE(__efistub__ctype = _ctype);
-/*
- * The __ prefixed memcpy/memset/memmove symbols are provided by KASAN, which
- * instruments the conventional ones. Therefore, any references from the EFI
- * stub or other position independent, low level C code should be redirected to
- * the non-instrumented versions as well.
- */
-PROVIDE(__efistub___memcpy = __pi_memcpy);
-PROVIDE(__efistub___memmove = __pi_memmove);
-PROVIDE(__efistub___memset = __pi_memset);
-
PROVIDE(__pi___memcpy = __pi_memcpy);
PROVIDE(__pi___memmove = __pi_memmove);
PROVIDE(__pi___memset = __pi_memset);
diff --git a/arch/loongarch/kernel/image-vars.h b/arch/loongarch/kernel/image-vars.h
index c901ebb903f2..88f5d81702df 100644
--- a/arch/loongarch/kernel/image-vars.h
+++ b/arch/loongarch/kernel/image-vars.h
@@ -9,9 +9,6 @@
__efistub_memcmp = memcmp;
__efistub_memchr = memchr;
-__efistub_memcpy = memcpy;
-__efistub_memmove = memmove;
-__efistub_memset = memset;
__efistub_strcat = strcat;
__efistub_strcmp = strcmp;
__efistub_strlen = strlen;
diff --git a/arch/riscv/kernel/image-vars.h b/arch/riscv/kernel/image-vars.h
index 71a76a623257..d6e5f739905e 100644
--- a/arch/riscv/kernel/image-vars.h
+++ b/arch/riscv/kernel/image-vars.h
@@ -25,21 +25,12 @@
*/
__efistub_memcmp = memcmp;
__efistub_memchr = memchr;
-__efistub_memcpy = memcpy;
-__efistub_memmove = memmove;
-__efistub_memset = memset;
__efistub_strlen = strlen;
__efistub_strnlen = strnlen;
__efistub_strcmp = strcmp;
__efistub_strncmp = strncmp;
__efistub_strrchr = strrchr;
-#ifdef CONFIG_KASAN
-__efistub___memcpy = memcpy;
-__efistub___memmove = memmove;
-__efistub___memset = memset;
-#endif
-
__efistub__start = _start;
__efistub__start_kernel = _start_kernel;
__efistub__end = _end;
diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile
index 39478fb30b2a..98045cfa46dc 100644
--- a/drivers/firmware/efi/libstub/Makefile
+++ b/drivers/firmware/efi/libstub/Makefile
@@ -65,7 +65,7 @@ efi-deps-y := fdt_rw.c fdt_ro.c fdt_wip.c fdt.c fdt_empty_tree.c fdt_sw.c
$(obj)/lib-%.o: $(srctree)/lib/%.c FORCE
$(call if_changed_rule,cc_o_c)
-lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o \
+lib-$(CONFIG_EFI_GENERIC_STUB) += efi-stub.o fdt.o string.o intrinsics.o \
$(patsubst %.c,lib-%.o,$(efi-deps-y))
lib-y += $(ARCH)-stub.o
diff --git a/drivers/firmware/efi/libstub/efistub.h b/drivers/firmware/efi/libstub/efistub.h
index c7efc404e663..54f37e886be7 100644
--- a/drivers/firmware/efi/libstub/efistub.h
+++ b/drivers/firmware/efi/libstub/efistub.h
@@ -301,8 +301,8 @@ union efi_boot_services {
efi_status_t (__efiapi *install_multiple_protocol_interfaces)(efi_handle_t *, ...);
efi_status_t (__efiapi *uninstall_multiple_protocol_interfaces)(efi_handle_t, ...);
void *calculate_crc32;
- void *copy_mem;
- void *set_mem;
+ void (__efiapi *copy_mem)(void *, const void *, unsigned long);
+ void (__efiapi *set_mem)(void *, unsigned long, unsigned char);
void *create_event_ex;
};
struct {
diff --git a/drivers/firmware/efi/libstub/intrinsics.c b/drivers/firmware/efi/libstub/intrinsics.c
new file mode 100644
index 000000000000..a04ab39292b6
--- /dev/null
+++ b/drivers/firmware/efi/libstub/intrinsics.c
@@ -0,0 +1,30 @@
+// SPDX-License-Identifier: GPL-2.0
+
+#include <linux/efi.h>
+#include <asm/efi.h>
+#include <asm/string.h>
+
+#include "efistub.h"
+
+#ifdef CONFIG_KASAN
+#undef memcpy
+#undef memmove
+#undef memset
+void *__memcpy(void *__dest, const void *__src, size_t __n) __alias(memcpy);
+void *__memmove(void *__dest, const void *__src, size_t count) __alias(memmove);
+void *__memset(void *s, int c, size_t count) __alias(memset);
+#endif
+
+void *memcpy(void *dst, const void *src, size_t len)
+{
+ efi_bs_call(copy_mem, dst, src, len);
+ return dst;
+}
+
+extern void *memmove(void *dst, const void *src, size_t len) __alias(memcpy);
+
+void *memset(void *dst, int c, size_t len)
+{
+ efi_bs_call(set_mem, dst, len, c & U8_MAX);
+ return dst;
+}
--
2.35.1
Wire up the generic EFI zboot support for arm64.
Signed-off-by: Ard Biesheuvel <[email protected]>
---
arch/arm64/Makefile | 9 +++++++--
arch/arm64/boot/.gitignore | 1 +
arch/arm64/boot/Makefile | 6 ++++++
3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
index 6d9d4a58b898..a82bb3599094 100644
--- a/arch/arm64/Makefile
+++ b/arch/arm64/Makefile
@@ -151,12 +151,17 @@ libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
# Default target when executing plain make
boot := arch/arm64/boot
+
+ifeq ($(CONFIG_EFI_ZBOOT),)
KBUILD_IMAGE := $(boot)/Image.gz
+else
+KBUILD_IMAGE := $(boot)/vmlinuz.efi
+endif
-all: Image.gz
+all: $(notdir $(KBUILD_IMAGE))
-Image: vmlinux
+Image vmlinuz.efi: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
Image.%: Image
diff --git a/arch/arm64/boot/.gitignore b/arch/arm64/boot/.gitignore
index 9a7a9009d43a..af5dc61f8b43 100644
--- a/arch/arm64/boot/.gitignore
+++ b/arch/arm64/boot/.gitignore
@@ -1,3 +1,4 @@
# SPDX-License-Identifier: GPL-2.0-only
Image
Image.gz
+vmlinuz*
diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
index a0e3dedd2883..c65aee088410 100644
--- a/arch/arm64/boot/Makefile
+++ b/arch/arm64/boot/Makefile
@@ -38,3 +38,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
$(obj)/Image.zst: $(obj)/Image FORCE
$(call if_changed,zstd)
+
+EFI_ZBOOT_PAYLOAD := Image
+EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
+EFI_ZBOOT_MACH_TYPE := ARM64
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
Wire up the generic EFI zboot support for LoongArch64
Signed-off-by: Ard Biesheuvel <[email protected]>
---
arch/loongarch/Kconfig | 1 +
arch/loongarch/Makefile | 4 ++--
arch/loongarch/boot/.gitignore | 1 +
arch/loongarch/boot/Makefile | 6 ++++++
4 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
index fca106a8b8af..f960dbbfb62d 100644
--- a/arch/loongarch/Kconfig
+++ b/arch/loongarch/Kconfig
@@ -55,6 +55,7 @@ config LOONGARCH
select BUILDTIME_TABLE_SORT
select COMMON_CLK
select EFI
+ select EFI_ZBOOT
select GENERIC_CLOCKEVENTS
select GENERIC_CMOS_UPDATE
select GENERIC_CPU_AUTOPROBE
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index 4bc47f47cfd8..357ed2a771bf 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -10,7 +10,7 @@ KBUILD_DEFCONFIG := loongson3_defconfig
ifndef CONFIG_EFI_STUB
KBUILD_IMAGE := $(boot)/vmlinux.elf
else
-KBUILD_IMAGE := $(boot)/vmlinux.efi
+KBUILD_IMAGE := $(boot)/vmlinuz.efi
endif
#
@@ -93,7 +93,7 @@ vdso_install:
all: $(notdir $(KBUILD_IMAGE))
-vmlinux.elf vmlinux.efi: vmlinux
+vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
$(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
install:
diff --git a/arch/loongarch/boot/.gitignore b/arch/loongarch/boot/.gitignore
index 49423ee96ef3..e5dc594dc4b6 100644
--- a/arch/loongarch/boot/.gitignore
+++ b/arch/loongarch/boot/.gitignore
@@ -1,2 +1,3 @@
# SPDX-License-Identifier: GPL-2.0-only
vmlinux*
+vmlinuz*
diff --git a/arch/loongarch/boot/Makefile b/arch/loongarch/boot/Makefile
index fecf34f50e56..4e1c374c5782 100644
--- a/arch/loongarch/boot/Makefile
+++ b/arch/loongarch/boot/Makefile
@@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
targets += vmlinux.efi
$(obj)/vmlinux.efi: vmlinux FORCE
$(call if_changed,objcopy)
+
+EFI_ZBOOT_PAYLOAD := vmlinux.efi
+EFI_ZBOOT_BFD_TARGET := elf64-loongarch
+EFI_ZBOOT_MACH_TYPE := LOONGARCH64
+
+include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
--
2.35.1
Hi, Ard,
I prefer to give a chance to disable ZBOOT, so I don't want to select EFI_ZBOOT unconditionally in Kconfig, and then the Makefile can be like this:
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index c3f579bdf9e5..bc6fe65125f5 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -14,6 +14,10 @@ else
KBUILD_IMAGE := $(boot)/vmlinux.efi
endif
+ifdef CONFIG_EFI_ZBOOT
+KBUILD_IMAGE := $(boot)/vmlinuz.efi
+endif
+
archscripts: scripts_basic
$(Q)$(MAKE) $(build)=arch/loongarch/boot/tools relocs
Huacai
> -----原始邮件-----
> 发件人: "Ard Biesheuvel" <[email protected]>
> 发送时间:2022-09-10 16:11:52 (星期六)
> 收件人: [email protected]
> 抄送: [email protected], [email protected], "Ard Biesheuvel" <[email protected]>, "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Huacai Chen" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> 主题: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
>
> Wire up the generic EFI zboot support for LoongArch64
>
> Signed-off-by: Ard Biesheuvel <[email protected]>
> ---
> arch/loongarch/Kconfig | 1 +
> arch/loongarch/Makefile | 4 ++--
> arch/loongarch/boot/.gitignore | 1 +
> arch/loongarch/boot/Makefile | 6 ++++++
> 4 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> index fca106a8b8af..f960dbbfb62d 100644
> --- a/arch/loongarch/Kconfig
> +++ b/arch/loongarch/Kconfig
> @@ -55,6 +55,7 @@ config LOONGARCH
> select BUILDTIME_TABLE_SORT
> select COMMON_CLK
> select EFI
> + select EFI_ZBOOT
> select GENERIC_CLOCKEVENTS
> select GENERIC_CMOS_UPDATE
> select GENERIC_CPU_AUTOPROBE
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index 4bc47f47cfd8..357ed2a771bf 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -10,7 +10,7 @@ KBUILD_DEFCONFIG := loongson3_defconfig
> ifndef CONFIG_EFI_STUB
> KBUILD_IMAGE := $(boot)/vmlinux.elf
> else
> -KBUILD_IMAGE := $(boot)/vmlinux.efi
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> endif
>
> #
> @@ -93,7 +93,7 @@ vdso_install:
>
> all: $(notdir $(KBUILD_IMAGE))
>
> -vmlinux.elf vmlinux.efi: vmlinux
> +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
>
> install:
> diff --git a/arch/loongarch/boot/.gitignore b/arch/loongarch/boot/.gitignore
> index 49423ee96ef3..e5dc594dc4b6 100644
> --- a/arch/loongarch/boot/.gitignore
> +++ b/arch/loongarch/boot/.gitignore
> @@ -1,2 +1,3 @@
> # SPDX-License-Identifier: GPL-2.0-only
> vmlinux*
> +vmlinuz*
> diff --git a/arch/loongarch/boot/Makefile b/arch/loongarch/boot/Makefile
> index fecf34f50e56..4e1c374c5782 100644
> --- a/arch/loongarch/boot/Makefile
> +++ b/arch/loongarch/boot/Makefile
> @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> targets += vmlinux.efi
> $(obj)/vmlinux.efi: vmlinux FORCE
> $(call if_changed,objcopy)
> +
> +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
> --
> 2.35.1
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
On Sat, 10 Sept 2022 at 15:22, 陈华才 <[email protected]> wrote:
>
> Hi, Ard,
>
> I prefer to give a chance to disable ZBOOT, so I don't want to select EFI_ZBOOT unconditionally in Kconfig, and then the Makefile can be like this:
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index c3f579bdf9e5..bc6fe65125f5 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -14,6 +14,10 @@ else
> KBUILD_IMAGE := $(boot)/vmlinux.efi
> endif
>
> +ifdef CONFIG_EFI_ZBOOT
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> +endif
> +
> archscripts: scripts_basic
> $(Q)$(MAKE) $(build)=arch/loongarch/boot/tools relocs
>
OK, I will fold this in. This actually aligns it with the other
architectures, so I prefer this approach as well.
>
> > -----原始邮件-----
> > 发件人: "Ard Biesheuvel" <[email protected]>
> > 发送时间:2022-09-10 16:11:52 (星期六)
> > 收件人: [email protected]
> > 抄送: [email protected], [email protected], "Ard Biesheuvel" <[email protected]>, "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Huacai Chen" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> > 主题: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
> >
> > Wire up the generic EFI zboot support for LoongArch64
> >
> > Signed-off-by: Ard Biesheuvel <[email protected]>
> > ---
> > arch/loongarch/Kconfig | 1 +
> > arch/loongarch/Makefile | 4 ++--
> > arch/loongarch/boot/.gitignore | 1 +
> > arch/loongarch/boot/Makefile | 6 ++++++
> > 4 files changed, 10 insertions(+), 2 deletions(-)
> >
> > diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> > index fca106a8b8af..f960dbbfb62d 100644
> > --- a/arch/loongarch/Kconfig
> > +++ b/arch/loongarch/Kconfig
> > @@ -55,6 +55,7 @@ config LOONGARCH
> > select BUILDTIME_TABLE_SORT
> > select COMMON_CLK
> > select EFI
> > + select EFI_ZBOOT
> > select GENERIC_CLOCKEVENTS
> > select GENERIC_CMOS_UPDATE
> > select GENERIC_CPU_AUTOPROBE
> > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > index 4bc47f47cfd8..357ed2a771bf 100644
> > --- a/arch/loongarch/Makefile
> > +++ b/arch/loongarch/Makefile
> > @@ -10,7 +10,7 @@ KBUILD_DEFCONFIG := loongson3_defconfig
> > ifndef CONFIG_EFI_STUB
> > KBUILD_IMAGE := $(boot)/vmlinux.elf
> > else
> > -KBUILD_IMAGE := $(boot)/vmlinux.efi
> > +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > endif
> >
> > #
> > @@ -93,7 +93,7 @@ vdso_install:
> >
> > all: $(notdir $(KBUILD_IMAGE))
> >
> > -vmlinux.elf vmlinux.efi: vmlinux
> > +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> > $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
> >
> > install:
> > diff --git a/arch/loongarch/boot/.gitignore b/arch/loongarch/boot/.gitignore
> > index 49423ee96ef3..e5dc594dc4b6 100644
> > --- a/arch/loongarch/boot/.gitignore
> > +++ b/arch/loongarch/boot/.gitignore
> > @@ -1,2 +1,3 @@
> > # SPDX-License-Identifier: GPL-2.0-only
> > vmlinux*
> > +vmlinuz*
> > diff --git a/arch/loongarch/boot/Makefile b/arch/loongarch/boot/Makefile
> > index fecf34f50e56..4e1c374c5782 100644
> > --- a/arch/loongarch/boot/Makefile
> > +++ b/arch/loongarch/boot/Makefile
> > @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> > targets += vmlinux.efi
> > $(obj)/vmlinux.efi: vmlinux FORCE
> > $(call if_changed,objcopy)
> > +
> > +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> > +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> > +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> > +
> > +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
> > --
> > 2.35.1
>
>
> 本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
> This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
> -----原始邮件-----
> 发件人: "Ard Biesheuvel" <[email protected]>
> 发送时间:2022-09-10 22:28:04 (星期六)
> 收件人: "陈华才" <[email protected]>
> 抄送: [email protected], [email protected], [email protected], "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> 主题: Re: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
>
> On Sat, 10 Sept 2022 at 15:22, 陈华才 <[email protected]> wrote:
> >
> > Hi, Ard,
> >
> > I prefer to give a chance to disable ZBOOT, so I don't want to select EFI_ZBOOT unconditionally in Kconfig, and then the Makefile can be like this:
> > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > index c3f579bdf9e5..bc6fe65125f5 100644
> > --- a/arch/loongarch/Makefile
> > +++ b/arch/loongarch/Makefile
> > @@ -14,6 +14,10 @@ else
> > KBUILD_IMAGE := $(boot)/vmlinux.efi
> > endif
> >
> > +ifdef CONFIG_EFI_ZBOOT
> > +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > +endif
> > +
> > archscripts: scripts_basic
> > $(Q)$(MAKE) $(build)=arch/loongarch/boot/tools relocs
> >
>
> OK, I will fold this in. This actually aligns it with the other
> architectures, so I prefer this approach as well.
Thank you, and if "make install" can also handle the zboot case, that's even better. :)
diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
index c3f579bdf9e5..5480fe2de7cd 100644
--- a/arch/loongarch/Makefile
+++ b/arch/loongarch/Makefile
@@ -137,7 +137,11 @@ vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
core-y += arch/loongarch/boot/dts/
install:
+ifndef CONFIG_EFI_ZBOOT
$(Q)install -D -m 755 $(KBUILD_IMAGE) $(INSTALL_PATH)/vmlinux-$(KERNELRELEASE)
+else
+ $(Q)install -D -m 755 $(KBUILD_IMAGE) $(INSTALL_PATH)/vmlinuz-$(KERNELRELEASE)
+endif
$(Q)install -D -m 644 .config $(INSTALL_PATH)/config-$(KERNELRELEASE)
$(Q)install -D -m 644 System.map $(INSTALL_PATH)/System.map-$(KERNELRELEASE)
>
>
> >
> > > -----原始邮件-----
> > > 发件人: "Ard Biesheuvel" <[email protected]>
> > > 发送时间:2022-09-10 16:11:52 (星期六)
> > > 收件人: [email protected]
> > > 抄送: [email protected], [email protected], "Ard Biesheuvel" <[email protected]>, "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Huacai Chen" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> > > 主题: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
> > >
> > > Wire up the generic EFI zboot support for LoongArch64
> > >
> > > Signed-off-by: Ard Biesheuvel <[email protected]>
> > > ---
> > > arch/loongarch/Kconfig | 1 +
> > > arch/loongarch/Makefile | 4 ++--
> > > arch/loongarch/boot/.gitignore | 1 +
> > > arch/loongarch/boot/Makefile | 6 ++++++
> > > 4 files changed, 10 insertions(+), 2 deletions(-)
> > >
> > > diff --git a/arch/loongarch/Kconfig b/arch/loongarch/Kconfig
> > > index fca106a8b8af..f960dbbfb62d 100644
> > > --- a/arch/loongarch/Kconfig
> > > +++ b/arch/loongarch/Kconfig
> > > @@ -55,6 +55,7 @@ config LOONGARCH
> > > select BUILDTIME_TABLE_SORT
> > > select COMMON_CLK
> > > select EFI
> > > + select EFI_ZBOOT
> > > select GENERIC_CLOCKEVENTS
> > > select GENERIC_CMOS_UPDATE
> > > select GENERIC_CPU_AUTOPROBE
> > > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > > index 4bc47f47cfd8..357ed2a771bf 100644
> > > --- a/arch/loongarch/Makefile
> > > +++ b/arch/loongarch/Makefile
> > > @@ -10,7 +10,7 @@ KBUILD_DEFCONFIG := loongson3_defconfig
> > > ifndef CONFIG_EFI_STUB
> > > KBUILD_IMAGE := $(boot)/vmlinux.elf
> > > else
> > > -KBUILD_IMAGE := $(boot)/vmlinux.efi
> > > +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > > endif
> > >
> > > #
> > > @@ -93,7 +93,7 @@ vdso_install:
> > >
> > > all: $(notdir $(KBUILD_IMAGE))
> > >
> > > -vmlinux.elf vmlinux.efi: vmlinux
> > > +vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> > > $(Q)$(MAKE) $(build)=$(boot) $(bootvars-y) $(boot)/$@
> > >
> > > install:
> > > diff --git a/arch/loongarch/boot/.gitignore b/arch/loongarch/boot/.gitignore
> > > index 49423ee96ef3..e5dc594dc4b6 100644
> > > --- a/arch/loongarch/boot/.gitignore
> > > +++ b/arch/loongarch/boot/.gitignore
> > > @@ -1,2 +1,3 @@
> > > # SPDX-License-Identifier: GPL-2.0-only
> > > vmlinux*
> > > +vmlinuz*
> > > diff --git a/arch/loongarch/boot/Makefile b/arch/loongarch/boot/Makefile
> > > index fecf34f50e56..4e1c374c5782 100644
> > > --- a/arch/loongarch/boot/Makefile
> > > +++ b/arch/loongarch/boot/Makefile
> > > @@ -18,3 +18,9 @@ $(obj)/vmlinux.elf: vmlinux FORCE
> > > targets += vmlinux.efi
> > > $(obj)/vmlinux.efi: vmlinux FORCE
> > > $(call if_changed,objcopy)
> > > +
> > > +EFI_ZBOOT_PAYLOAD := vmlinux.efi
> > > +EFI_ZBOOT_BFD_TARGET := elf64-loongarch
> > > +EFI_ZBOOT_MACH_TYPE := LOONGARCH64
> > > +
> > > +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
> > > --
> > > 2.35.1
> >
> >
> > 本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
> > This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
On Sun, 11 Sept 2022 at 16:03, 陈华才 <[email protected]> wrote:
>
>
>
>
> > -----原始邮件-----
> > 发件人: "Ard Biesheuvel" <[email protected]>
> > 发送时间:2022-09-10 22:28:04 (星期六)
> > 收件人: "陈华才" <[email protected]>
> > 抄送: [email protected], [email protected], [email protected], "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> > 主题: Re: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
> >
> > On Sat, 10 Sept 2022 at 15:22, 陈华才 <[email protected]> wrote:
> > >
> > > Hi, Ard,
> > >
> > > I prefer to give a chance to disable ZBOOT, so I don't want to select EFI_ZBOOT unconditionally in Kconfig, and then the Makefile can be like this:
> > > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > > index c3f579bdf9e5..bc6fe65125f5 100644
> > > --- a/arch/loongarch/Makefile
> > > +++ b/arch/loongarch/Makefile
> > > @@ -14,6 +14,10 @@ else
> > > KBUILD_IMAGE := $(boot)/vmlinux.efi
> > > endif
> > >
> > > +ifdef CONFIG_EFI_ZBOOT
> > > +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > > +endif
> > > +
> > > archscripts: scripts_basic
> > > $(Q)$(MAKE) $(build)=arch/loongarch/boot/tools relocs
> > >
> >
> > OK, I will fold this in. This actually aligns it with the other
> > architectures, so I prefer this approach as well.
>
> Thank you, and if "make install" can also handle the zboot case, that's even better. :)
>
> diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> index c3f579bdf9e5..5480fe2de7cd 100644
> --- a/arch/loongarch/Makefile
> +++ b/arch/loongarch/Makefile
> @@ -137,7 +137,11 @@ vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> core-y += arch/loongarch/boot/dts/
>
> install:
> +ifndef CONFIG_EFI_ZBOOT
> $(Q)install -D -m 755 $(KBUILD_IMAGE) $(INSTALL_PATH)/vmlinux-$(KERNELRELEASE)
> +else
> + $(Q)install -D -m 755 $(KBUILD_IMAGE) $(INSTALL_PATH)/vmlinuz-$(KERNELRELEASE)
> +endif
> $(Q)install -D -m 644 .config $(INSTALL_PATH)/config-$(KERNELRELEASE)
> $(Q)install -D -m 644 System.map $(INSTALL_PATH)/System.map-$(KERNELRELEASE)
>
Is there any reason in particular this is open coded like this? Other
architectures just do something like
install:
$(call cmd,install)
and be done with it.
Hi, Ard,
> -----原始邮件-----
> 发件人: "Ard Biesheuvel" <[email protected]>
> 发送时间:2022-09-12 18:18:05 (星期一)
> 收件人: "陈华才" <[email protected]>
> 抄送: [email protected], [email protected], [email protected], "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> 主题: Re: Re: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
>
> On Sun, 11 Sept 2022 at 16:03, 陈华才 <[email protected]> wrote:
> >
> >
> >
> >
> > > -----原始邮件-----
> > > 发件人: "Ard Biesheuvel" <[email protected]>
> > > 发送时间:2022-09-10 22:28:04 (星期六)
> > > 收件人: "陈华才" <[email protected]>
> > > 抄送: [email protected], [email protected], [email protected], "James E.J. Bottomley" <[email protected]>, "Matthew Garrett" <[email protected]>, "Peter Jones" <[email protected]>, "Ilias Apalodimas" <[email protected]>, "Heinrich Schuchardt" <[email protected]>, "AKASHI Takahiro" <[email protected]>, "Palmer Dabbelt" <[email protected]>, "Atish Patra" <[email protected]>, "Arnd Bergmann" <[email protected]>, "Xi Ruoyao" <[email protected]>, "Lennart Poettering" <[email protected]>, "Jeremy Linton" <[email protected]>, "Will Deacon" <[email protected]>, "Catalin Marinas" <[email protected]>
> > > 主题: Re: [PATCH v5 8/8] loongarch: efi: enable generic EFI compressed boot
> > >
> > > On Sat, 10 Sept 2022 at 15:22, 陈华才 <[email protected]> wrote:
> > > >
> > > > Hi, Ard,
> > > >
> > > > I prefer to give a chance to disable ZBOOT, so I don't want to select EFI_ZBOOT unconditionally in Kconfig, and then the Makefile can be like this:
> > > > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > > > index c3f579bdf9e5..bc6fe65125f5 100644
> > > > --- a/arch/loongarch/Makefile
> > > > +++ b/arch/loongarch/Makefile
> > > > @@ -14,6 +14,10 @@ else
> > > > KBUILD_IMAGE := $(boot)/vmlinux.efi
> > > > endif
> > > >
> > > > +ifdef CONFIG_EFI_ZBOOT
> > > > +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > > > +endif
> > > > +
> > > > archscripts: scripts_basic
> > > > $(Q)$(MAKE) $(build)=arch/loongarch/boot/tools relocs
> > > >
> > >
> > > OK, I will fold this in. This actually aligns it with the other
> > > architectures, so I prefer this approach as well.
> >
> > Thank you, and if "make install" can also handle the zboot case, that's even better. :)
> >
> > diff --git a/arch/loongarch/Makefile b/arch/loongarch/Makefile
> > index c3f579bdf9e5..5480fe2de7cd 100644
> > --- a/arch/loongarch/Makefile
> > +++ b/arch/loongarch/Makefile
> > @@ -137,7 +137,11 @@ vmlinux.elf vmlinux.efi vmlinuz.efi: vmlinux
> > core-y += arch/loongarch/boot/dts/
> >
> > install:
> > +ifndef CONFIG_EFI_ZBOOT
> > $(Q)install -D -m 755 $(KBUILD_IMAGE) $(INSTALL_PATH)/vmlinux-$(KERNELRELEASE)
> > +else
> > + $(Q)install -D -m 755 $(KBUILD_IMAGE) $(INSTALL_PATH)/vmlinuz-$(KERNELRELEASE)
> > +endif
> > $(Q)install -D -m 644 .config $(INSTALL_PATH)/config-$(KERNELRELEASE)
> > $(Q)install -D -m 644 System.map $(INSTALL_PATH)/System.map-$(KERNELRELEASE)
> >
>
> Is there any reason in particular this is open coded like this? Other
> architectures just do something like
>
> install:
> $(call cmd,install)
>
> and be done with it.
It seems that there are two problems:
1, the default install script doesn't install the configuration file;
2, the kernel name in "installkernel" isn't the same as the open coded version, it looks like this:
if [ $ARCH = 'ppc64' -o $ARCH = 'ppc' ]; then
KERNEL_NAME=vmlinux
else
KERNEL_NAME=vmlinuz
fi
Maybe we can provide an arch-specific install.sh as arm64 does, but it is even more complex than the open coded version.
Huacai
本邮件及其附件含有龙芯中科的商业秘密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形式使用(包括但不限于全部或部分地泄露、复制或散发)本邮件及其附件中的信息。如果您错收本邮件,请您立即电话或邮件通知发件人并删除本邮件。
This email and its attachments contain confidential information from Loongson Technology , which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this email in error, please notify the sender by phone or email immediately and delete it.
On 10/09/2022 09:11, Ard Biesheuvel wrote:
> EXTERNAL EMAIL: Do not click links or open attachments unless you know the content is safe
>
> Wire up the generic EFI zboot support for RISC-V.
>
> Signed-off-by: Ard Biesheuvel <[email protected]>
As promised:
Tested-by: Conor Dooley <[email protected]>
> ---
> arch/riscv/Makefile | 6 +++++-
> arch/riscv/boot/.gitignore | 1 +
> arch/riscv/boot/Makefile | 6 ++++++
> 3 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
> index 3fa8ef336822..d63295e21373 100644
> --- a/arch/riscv/Makefile
> +++ b/arch/riscv/Makefile
> @@ -136,10 +136,14 @@ ifneq ($(CONFIG_XIP_KERNEL),y)
> ifeq ($(CONFIG_RISCV_M_MODE)$(CONFIG_SOC_CANAAN),yy)
> KBUILD_IMAGE := $(boot)/loader.bin
> else
> +ifeq ($(CONFIG_EFI_ZBOOT),)
> KBUILD_IMAGE := $(boot)/Image.gz
> +else
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> +endif
> endif
> endif
> -BOOT_TARGETS := Image Image.gz loader loader.bin xipImage
> +BOOT_TARGETS := Image Image.gz loader loader.bin xipImage vmlinuz.efi
>
> all: $(notdir $(KBUILD_IMAGE))
>
> diff --git a/arch/riscv/boot/.gitignore b/arch/riscv/boot/.gitignore
> index 0cea9f7fa9d5..e1bc507e8cb2 100644
> --- a/arch/riscv/boot/.gitignore
> +++ b/arch/riscv/boot/.gitignore
> @@ -4,4 +4,5 @@ Image.*
> loader
> loader.lds
> loader.bin
> +vmlinuz*
> xipImage
> diff --git a/arch/riscv/boot/Makefile b/arch/riscv/boot/Makefile
> index becd0621071c..d1a49adcb1d7 100644
> --- a/arch/riscv/boot/Makefile
> +++ b/arch/riscv/boot/Makefile
> @@ -58,3 +58,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
>
> $(obj)/loader.bin: $(obj)/loader FORCE
> $(call if_changed,objcopy)
> +
> +EFI_ZBOOT_PAYLOAD := Image
> +EFI_ZBOOT_BFD_TARGET := elf$(BITS)-littleriscv
> +EFI_ZBOOT_MACH_TYPE := RISCV$(BITS)
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
> --
> 2.35.1
>
On Fri, 16 Sept 2022 at 09:09, <[email protected]> wrote:
>
> On 10/09/2022 09:11, Ard Biesheuvel wrote:
> >
> > Wire up the generic EFI zboot support for RISC-V.
> >
> > Signed-off-by: Ard Biesheuvel <[email protected]>
>
> As promised:
> Tested-by: Conor Dooley <[email protected]>
>
Thanks a lot!
> > ---
> > arch/riscv/Makefile | 6 +++++-
> > arch/riscv/boot/.gitignore | 1 +
> > arch/riscv/boot/Makefile | 6 ++++++
> > 3 files changed, 12 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/riscv/Makefile b/arch/riscv/Makefile
> > index 3fa8ef336822..d63295e21373 100644
> > --- a/arch/riscv/Makefile
> > +++ b/arch/riscv/Makefile
> > @@ -136,10 +136,14 @@ ifneq ($(CONFIG_XIP_KERNEL),y)
> > ifeq ($(CONFIG_RISCV_M_MODE)$(CONFIG_SOC_CANAAN),yy)
> > KBUILD_IMAGE := $(boot)/loader.bin
> > else
> > +ifeq ($(CONFIG_EFI_ZBOOT),)
> > KBUILD_IMAGE := $(boot)/Image.gz
> > +else
> > +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> > +endif
> > endif
> > endif
> > -BOOT_TARGETS := Image Image.gz loader loader.bin xipImage
> > +BOOT_TARGETS := Image Image.gz loader loader.bin xipImage vmlinuz.efi
> >
> > all: $(notdir $(KBUILD_IMAGE))
> >
> > diff --git a/arch/riscv/boot/.gitignore b/arch/riscv/boot/.gitignore
> > index 0cea9f7fa9d5..e1bc507e8cb2 100644
> > --- a/arch/riscv/boot/.gitignore
> > +++ b/arch/riscv/boot/.gitignore
> > @@ -4,4 +4,5 @@ Image.*
> > loader
> > loader.lds
> > loader.bin
> > +vmlinuz*
> > xipImage
> > diff --git a/arch/riscv/boot/Makefile b/arch/riscv/boot/Makefile
> > index becd0621071c..d1a49adcb1d7 100644
> > --- a/arch/riscv/boot/Makefile
> > +++ b/arch/riscv/boot/Makefile
> > @@ -58,3 +58,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
> >
> > $(obj)/loader.bin: $(obj)/loader FORCE
> > $(call if_changed,objcopy)
> > +
> > +EFI_ZBOOT_PAYLOAD := Image
> > +EFI_ZBOOT_BFD_TARGET := elf$(BITS)-littleriscv
> > +EFI_ZBOOT_MACH_TYPE := RISCV$(BITS)
> > +
> > +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
> > --
> > 2.35.1
> >
>
On Sat, 10 Sept 2022 at 10:12, Ard Biesheuvel <[email protected]> wrote:
>
> Wire up the generic EFI zboot support for arm64.
>
> Signed-off-by: Ard Biesheuvel <[email protected]>
I've queued up most of this now for 6.1 - Catalin, Will, any
objections if I queue this one as well via the efi tree?
> ---
> arch/arm64/Makefile | 9 +++++++--
> arch/arm64/boot/.gitignore | 1 +
> arch/arm64/boot/Makefile | 6 ++++++
> 3 files changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile
> index 6d9d4a58b898..a82bb3599094 100644
> --- a/arch/arm64/Makefile
> +++ b/arch/arm64/Makefile
> @@ -151,12 +151,17 @@ libs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a
>
> # Default target when executing plain make
> boot := arch/arm64/boot
> +
> +ifeq ($(CONFIG_EFI_ZBOOT),)
> KBUILD_IMAGE := $(boot)/Image.gz
> +else
> +KBUILD_IMAGE := $(boot)/vmlinuz.efi
> +endif
>
> -all: Image.gz
> +all: $(notdir $(KBUILD_IMAGE))
>
>
> -Image: vmlinux
> +Image vmlinuz.efi: vmlinux
> $(Q)$(MAKE) $(build)=$(boot) $(boot)/$@
>
> Image.%: Image
> diff --git a/arch/arm64/boot/.gitignore b/arch/arm64/boot/.gitignore
> index 9a7a9009d43a..af5dc61f8b43 100644
> --- a/arch/arm64/boot/.gitignore
> +++ b/arch/arm64/boot/.gitignore
> @@ -1,3 +1,4 @@
> # SPDX-License-Identifier: GPL-2.0-only
> Image
> Image.gz
> +vmlinuz*
> diff --git a/arch/arm64/boot/Makefile b/arch/arm64/boot/Makefile
> index a0e3dedd2883..c65aee088410 100644
> --- a/arch/arm64/boot/Makefile
> +++ b/arch/arm64/boot/Makefile
> @@ -38,3 +38,9 @@ $(obj)/Image.lzo: $(obj)/Image FORCE
>
> $(obj)/Image.zst: $(obj)/Image FORCE
> $(call if_changed,zstd)
> +
> +EFI_ZBOOT_PAYLOAD := Image
> +EFI_ZBOOT_BFD_TARGET := elf64-littleaarch64
> +EFI_ZBOOT_MACH_TYPE := ARM64
> +
> +include $(srctree)/drivers/firmware/efi/libstub/Makefile.zboot
> --
> 2.35.1
>
Hi,
With the BSS "fix" in grub for fedora/rhel, this is now working fine for
both systemd-boot and normal grub2, as well as booting directly from the
UEFI shell. Given both the magic number and the bss fix were merged at
the same time I don't think anyone should ever see the bad bss message,
at least not on the above distro's.
I've largely been testing this on the PFTF/RPi4, and in a libvirt
qemu/kvm env with/without ksan/etc on a mostly fedora configured kernel.
Hooking this up to kinstall makes sense and works, although i'm not a
big fan.
So, its looking good. All thumbs up here :)
Tested-by: Jeremy Linton <[email protected]>
On 9/10/22 03:11, Ard Biesheuvel wrote:
> Relatively modern architectures such as arm64 or RISC-V don't implement
> a self-decompressing kernel, and leave it up to the bootloader to
> decompress the compressed image before executing it. For bare metal
> boot, this policy makes sense, as a self-decompressing image essentially
> duplicates a lot of fiddly preparation work to create a 1:1 mapping and
> set up the C runtime, and to discover or infer where DRAM lives from
> device trees or other firmware tables.
>
> For EFI boot, the situation is a bit different: the EFI entrypoint is
> called with a 1:1 cached mapping covering all of DRAM already active,
> and with a stack, a heap, a memory map and boot services to load and
> start images. This means it is rather trivial to implement a
> self-decompressing wrapper for EFI boot in a generic manner, and reuse
> it across architectures that implement EFI boot.
>
> The only slight downside is that when UEFI secure boot is enabled, the
> generic LoadImage/StartImage only allow signed images to be loaded and
> started, and we would prefer to avoid the need to sign both the inner
> and outer PE/COFF images.
>
> However, the only truly generic and portable way to achieve this is to
> rely on LoadImage/StartImage as the EFI spec defines them, and avoid
> making assumptions about how things might work under the hood, and how
> we might circumvent that. This includes just loading the image into
> memory and jumping to the PE entry point: in the context of secure boot,
> measured boot and other hardening measures the firmware may take (such
> as disallowing mappings that are both writable and executable), using
> the firmware's image loading API is the only maintainable choice.
>
> For this reason, this version of the series includes support for signing
> the images using sbsign, if the signing key and cert are specified in
> Kconfig.
>
> The code is wired up for arm64, LoongArch and RISC-V. The latter was
> build tested only.
>
> Changes since v4:
> - make CONFIG_EFI_ZBOOT user selectable again, and turn it on by default
> only for LoongArch
> - set KBUILD_IMAGE to vmlinuz.efi if CONFIG_EFI_ZBOOT=y, so that make
> targets such as zinstall and bindeb-pkg do the right thing
> - throw an error is BSS was not cleared by the loader - this is needed
> to detect broken distro implementations of LoadImage in shim and grub
> - add vmlinuz.* to .gitignore on the various architectures
> - switch back to defining uncompressed_size as 'extern __aligned(1)' so
> that the compiler will perform the unaligned access as appropriate on
> the architecture in question - this requires the latest binutils on
> LoongArch [0]
>
> Changes since v3:
> - add support for XZ and ZSTD compression
> - deal with exit data returned by StartImage()
> - use LoadFile2 based image loading instead of passing the raw buffer -
> this way, the provenance of the data is more visible, allowing us,
> for instance, to deal with initrd= on arm64 transparently (this means
> that systemd-boot on arm64 will work unmodified provided that the
> [deprecated] command line initrd loader is enabled in the kernel
> build)
> - include LoongArch support
> - rename compressed image to vmlinuz.efi on all architectures
>
> Changes since v2:
> - drop some of the refactoring work to make efi_printk() available in
> the decompressor, and just use fixed strings instead;
> - provide memcpy/memmove/memset based on the UEFI boot services, instead
> of having to specify for each architecture how to wire these up;
> - drop PI/DXE based signature check circumvention, and just sign the
> inner image instead, if needed;
> - add a header to the zimage binary that identifies it as a EFI zboot
> image, and describes the compression algorithm and where the payload
> lives in the image - this might be used by non-EFI loaders to locate
> and decompress the bare metal image, given that the EFI zboot one is
> not a hybrid like the one it encapsulates.
>
> [0] https://sourceware.org/pipermail/binutils/2022-September/122713.html
>
> Cc: "James E.J. Bottomley" <[email protected]>
> Cc: Matthew Garrett <[email protected]>
> Cc: Peter Jones <[email protected]>
> Cc: Ilias Apalodimas <[email protected]>
> Cc: Heinrich Schuchardt <[email protected]>
> Cc: AKASHI Takahiro <[email protected]>
> Cc: Palmer Dabbelt <[email protected]>
> Cc: Atish Patra <[email protected]>
> Cc: Arnd Bergmann <[email protected]>
> Cc: Huacai Chen <[email protected]>
> Cc: Xi Ruoyao <[email protected]>
> Cc: Lennart Poettering <[email protected]>
> Cc: Jeremy Linton <[email protected]>
> Cc: Will Deacon <[email protected]>
> Cc: Catalin Marinas <[email protected]>
>
> Ard Biesheuvel (8):
> efi: name the ARCH-stub.c files uniformly
> efi/libstub: add some missing EFI prototypes
> efi/libstub: use EFI provided memcpy/memset routines
> efi/libstub: move efi_system_table global var into separate object
> efi/libstub: implement generic EFI zboot
> arm64: efi: enable generic EFI compressed boot
> riscv: efi: enable generic EFI compressed boot
> loongarch: efi: enable generic EFI compressed boot
>
> arch/arm64/Makefile | 9 +-
> arch/arm64/boot/.gitignore | 1 +
> arch/arm64/boot/Makefile | 6 +
> arch/arm64/kernel/image-vars.h | 13 -
> arch/loongarch/Kconfig | 1 +
> arch/loongarch/Makefile | 4 +-
> arch/loongarch/boot/.gitignore | 1 +
> arch/loongarch/boot/Makefile | 6 +
> arch/loongarch/kernel/image-vars.h | 3 -
> arch/riscv/Makefile | 6 +-
> arch/riscv/boot/.gitignore | 1 +
> arch/riscv/boot/Makefile | 6 +
> arch/riscv/kernel/image-vars.h | 9 -
> drivers/firmware/efi/Kconfig | 38 +++
> drivers/firmware/efi/libstub/Makefile | 21 +-
> drivers/firmware/efi/libstub/Makefile.zboot | 70 +++++
> drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} | 0
> drivers/firmware/efi/libstub/efi-stub.c | 2 -
> drivers/firmware/efi/libstub/efistub.h | 35 ++-
> drivers/firmware/efi/libstub/file.c | 17 ++
> drivers/firmware/efi/libstub/intrinsics.c | 30 ++
> drivers/firmware/efi/libstub/systable.c | 8 +
> drivers/firmware/efi/libstub/zboot-header.S | 143 ++++++++++
> drivers/firmware/efi/libstub/zboot.c | 296 ++++++++++++++++++++
> drivers/firmware/efi/libstub/zboot.lds | 43 +++
> include/linux/efi.h | 13 +
> 26 files changed, 732 insertions(+), 50 deletions(-)
> create mode 100644 drivers/firmware/efi/libstub/Makefile.zboot
> rename drivers/firmware/efi/libstub/{arm32-stub.c => arm-stub.c} (100%)
> create mode 100644 drivers/firmware/efi/libstub/intrinsics.c
> create mode 100644 drivers/firmware/efi/libstub/systable.c
> create mode 100644 drivers/firmware/efi/libstub/zboot-header.S
> create mode 100644 drivers/firmware/efi/libstub/zboot.c
> create mode 100644 drivers/firmware/efi/libstub/zboot.lds
>
On Sat, Sep 17, 2022 at 06:36:38PM +0200, Ard Biesheuvel wrote:
> On Sat, 10 Sept 2022 at 10:12, Ard Biesheuvel <[email protected]> wrote:
> >
> > Wire up the generic EFI zboot support for arm64.
> >
> > Signed-off-by: Ard Biesheuvel <[email protected]>
>
> I've queued up most of this now for 6.1 - Catalin, Will, any
> objections if I queue this one as well via the efi tree?
No objections.
Acked-by: Catalin Marinas <[email protected]>
On Sat, Sep 10, 2022 at 10:11:47AM +0200, Ard Biesheuvel wrote:
> The stub is used in different execution environments, but on arm64,
> RISC-V and LoongArch, we still use the core kernel's implementation of
> memcpy and memset, as they are just a branch instruction away, and can
> generally be reused even from code such as the EFI stub that runs in a
> completely different address space.
>
> KAsan complicates this slightly, resulting in the need for some hacks to
> expose the uninstrumented, __ prefixed versions as the normal ones, as
> the latter are instrumented to include the KAsan checks, which only work
> in the core kernel.
>
> Unfortunately, #define'ing memcpy to __memcpy when building C code does
> not guarantee that no explicit memcpy() calls will be emitted. And with
> the upcoming zboot support, which consists of a separate binary which
> therefore needs its own implementation of memcpy/memset anyway, it's
> better to provide one explicitly instead of linking to the existing one.
>
> Given that EFI exposes implementations of memmove() and memset() via the
> boot services table, let's wire those up in the appropriate way, and
> drop the references to the core kernel ones.
>
> Signed-off-by: Ard Biesheuvel <[email protected]>
> ---
> arch/arm64/kernel/image-vars.h | 13 ---------
Acked-by: Catalin Marinas <[email protected]>